REMARKS

Claims 1-6, 9-15, 17-23, 25-31, and 34 were pending. Claims 1, 10, 18, and 26 
have been amended. Accordingly, claims 1-6, 9-15, 17-23, 25-31, and 34 remain 
pending after entry of the present amendment. 

35 U.S.C. § 112 rejections 



In the present Office Action, claims 1, 10, 18, and 26 stand rejected under 35 
U.S.C. § 112, first paragraph, as failing to comply with the enablement requirement. It is 
suggested in paragraph 1 of the present Office Action that: 



"The specification does not define what constitutes a "Community Set" 
(CS). The specification also does not define whether the "Community 
Set" in an OCS, ACS, UCS is the same or different in each category and if 
it is different then how is the community set different in ACS vs OCS. 

Additionally the specification describes the mathematical definition of a
"set", "superset" and a "subset" on page 9 but fails to define the
applicability of these terms in the current invention in relation with the
OCS, ACS and UCS to enable one in the ordinary skill in the art to which 
it pertains, or with which it is most nearly connected, to make and/or use 
the invention." 

Applicant submits that pages 9 and 10 of the Specification clearly define the meaning of
set operations including "superset" for any given set of communities. For example, page 
9, paragraph 4, recites: 



"A 'Community Set' is a set of communities, which may consist of no 
communities (the null community set) or any number of communities. 
Each individual community within the community set is said to be a 
'member' of the set." 

Also, page 10, paragraph 3 recites:

"A set X is a "superset" of a set Y if and only if all members of Y are also
members of X. It is said that X "includes" Y when X is a superset of Y." 

Applicant further submits that the Specification clearly enables one of ordinary skill in 
the art to apply these definitions to a UCS, an ACS, and an OCS. For example, page 25, 
paragraphs 2-4 recite: 



"In one embodiment of CAC, four classes of community sets are 
defined: 

• User Community Set (UCS) 

• Application Community Set (ACS) 

• Object Community Set (OCS) 

• Network Service Community Set (NSCS) 

As before, community set information may be maintained in a 
community information base such as CIB 160 in Figure 1. 

In one embodiment, each user has a UCS which may be configured 
by a trusted administrator into a database of user profiles and each 
application process has an ACS." 

Also, page 25, paragraph 5 recites: 



"An object's OCS is initially set by its creator (via a process running on 
behalf of the creator) and must be included within the UCS of its creator 
and within the ACS of the process which created it. " 

Applicant submits that these definitions enable one of ordinary skill in the art to see the 
similarities and differences among community sets generally and a UCS, an ACS, and
an OCS in particular, as well as enabling one of ordinary skill in the art to apply these
terms in the currently claimed invention. It is also noted the figures provide illustrations 
of set operations using community sets. Accordingly, Applicant submits that the rejection 
based on 35 U.S.C. § 112, first paragraph is overcome and withdrawal of the rejection is 
requested. 



Also, in the present Office Action, claims 1, 10, 18, and 26 stand rejected under
35 U.S.C. § 112, second paragraph, as being indefinite for failing to particularly point out
and distinctly claim the subject matter which applicant regards as the invention. In
paragraph 3 of the present Office Action, the Examiner suggests:



"All independent claims state, '(UCS) of said user is a superset of an 
object community set' and 'ACS of said process is a superset of an OCS 
of said object'. It is not clear how can a UCS of a user can be a 'superset' 
of object community set (OCS) and ACS of said process is a superset of 
an OCS of said object making the claim language indefinite." 

Applicant has amended claim 1 to recite 



"A method of community access control in a Multi-Community Node (MCN), 
said method comprising: 

receiving a request for access to an object; 

consulting a community information base (CIB) responsive to said
request, wherein said CIB includes:

a user community set (UCS) for each user of said MCN,
wherein for a given user and associated UCS, a
given community is a member of the UCS if the
given user is a member of the given community;

an application community set (ACS) for each application
on said MCN, wherein for a given application and
associated ACS, a given community is a member of
the ACS if the given application runs on behalf of a
user in the given community; and

an object community set (OCS) for each object residing
within said MCN, wherein each OCS is included in
an ACS of a process which created it;

permitting access to said object in response to detecting: 

said request is from a first user; and 

a UCS of the first user is a superset of an OCS of said 
object; 

denying access to said object in response to detecting: 
said request is from the first user; and 
a UCS of the first user is not a superset of an OCS of said 
object; 

permitting access to said object in response to detecting: 
said request is from a process; and 
an ACS of said process is a superset of an OCS of said 
object; and 

denying access to said object in response to detecting: 
said request is from said process; and 
an ACS of said process is not a superset of an OCS of said
object;

wherein a given OCS comprises a first set of communities, a given
UCS is a superset of the given OCS if at least all of the first
set of communities are also included in the given UCS, and
a given ACS is a superset of the given OCS if at least all of
the first set of communities are also included in the given
ACS." (emphasis added).

It is noted that for any given community, conditions for membership in a UCS, an
ACS, or an OCS are now recited in the claim. It is further noted that the conditions that
constitute an ACS or a UCS being a superset of an OCS are recited in the claim. For
example, Applicant has amended claim 1 to clarify that "a UCS of the first user is a
superset of an OCS of said object" is a conditional statement, since the claim also recites
"denying access to said object in response to detecting: said request is from the first user;
and a UCS of the first user is not a superset of an OCS of said object." A similar
amendment clarifies the conditional nature of the claimed "an ACS of said process is a
superset of an OCS of said object." Applicant submits that it is clearly possible for
either a UCS or an ACS to be a superset of a given OCS if both the UCS and ACS
include at least all of the communities that are members of the OCS. In addition, if either
the UCS or ACS does not include one or more of the member communities of the OCS,
then the UCS or ACS that lacks the requisite member(s) is not a superset of the OCS, and
the corresponding user or process may be denied permission to access the OCS's object.
Applicant submits that the amended claim now clearly specifies what constitutes a 
community set of each category, making it clear how to apply the mathematical 
definitions of set, superset, and subset to the claims. Accordingly, Applicant submits that 
the rejection based on 35 U.S.C. § 112, second paragraph, is overcome and withdrawal of 
the rejection is requested. 

It is noted that the claim amendments merely incorporate features described in
the specification, and previously argued during the prior prosecution. No new matter has 
been added by the incorporation of these definitions. 
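
The permit and deny conditions recited in amended claim 1, together with the creation constraint quoted from page 25, can be exercised as a short model. This is an added illustration, not part of the filing or the specification: the class and method names, the community names, and the choice to deny unknown users, processes and objects are assumptions, and the sample data is constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class CommunityInfoBase:
    """Hypothetical CIB: one community set per user, process and object."""
    ucs: dict[str, frozenset[str]] = field(default_factory=dict)
    acs: dict[str, frozenset[str]] = field(default_factory=dict)
    ocs: dict[str, frozenset[str]] = field(default_factory=dict)

    @staticmethod
    def includes(holder, target) -> bool:
        # X "includes" Y iff every member of Y is also a member of X.
        # Assumption: a missing entry on either side is denied (fail closed).
        if holder is None or target is None:
            return False
        return holder >= target

    def create_object(self, name, communities, creator, process) -> None:
        """Set the OCS; it must be included in the creator's UCS and the
        creating process's ACS, as the quoted specification text requires."""
        wanted = frozenset(communities)
        if not self.includes(self.ucs.get(creator), wanted):
            raise PermissionError(f"OCS of {name!r} exceeds UCS of {creator!r}")
        if not self.includes(self.acs.get(process), wanted):
            raise PermissionError(f"OCS of {name!r} exceeds ACS of {process!r}")
        self.ocs[name] = wanted

    def user_may_access(self, user, obj) -> bool:
        # Permit only if the user's UCS is a superset of the object's OCS.
        return self.includes(self.ucs.get(user), self.ocs.get(obj))

    def process_may_access(self, process, obj) -> bool:
        # Permit only if the process's ACS is a superset of the object's OCS.
        return self.includes(self.acs.get(process), self.ocs.get(obj))


def build_sample_cib() -> CommunityInfoBase:
    """Constructed sample data: two users, two processes, three objects."""
    cib = CommunityInfoBase(
        ucs={"alice": frozenset({"red", "blue"}), "bob": frozenset({"red"})},
        acs={"editor[alice]": frozenset({"red", "blue"}),
             "viewer[bob]": frozenset({"red"})},
    )
    cib.create_object("joint-report", {"red", "blue"}, "alice", "editor[alice]")
    cib.create_object("red-memo", {"red"}, "bob", "viewer[bob]")
    # The null community set is included in every community set.
    cib.create_object("scratch", set(), "bob", "viewer[bob]")
    return cib


def decisions(cib: CommunityInfoBase) -> dict[tuple[str, str, str], bool]:
    """Evaluate a fixed set of requests against the CIB."""
    requests = [("user", "alice", "joint-report"), ("user", "bob", "joint-report"),
                ("user", "alice", "red-memo"), ("user", "bob", "scratch"),
                ("process", "viewer[bob]", "joint-report"),
                ("process", "editor[alice]", "red-memo")]
    check = {"user": cib.user_may_access, "process": cib.process_may_access}
    return {r: check[r[0]](r[1], r[2]) for r in requests}


if __name__ == "__main__":
    for request, allowed in decisions(build_sample_cib()).items():
        print(request, "permit" if allowed else "deny")
```

In this model bob shares the community "red" with joint-report but is still denied, because the test is inclusion of the whole OCS rather than overlap with it.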

35 U.S.C. § 103 rejections

In addition, claims 1-6, 9-15, 17-23, 25-31, and 34 stand rejected under 35 U.S.C.
§ 103(a) as being unpatentable over U.S. Patent No. 5,265,221 (hereinafter "Miller") and 
U.S. patent 6,772,350 (hereinafter "Belani"). Applicant respectfully traverses the 
rejections and requests reconsideration in view of the following discussion. 



Applicant submits that in view of the above discussion and amendments that 
clarify the nature of the claims, remarks regarding the rejections under 35 U.S.C. § 103(a) 
that were presented in response to a prior Office Action are still valid and are adapted to 
the amended claims below. In particular, Applicant believes the claims recite features
neither taught nor suggested by the cited art. For example, claim 1 reads as follows: 

"A method of community access control in a Multi-Community Node 
(MCN), said method comprising: 

receiving a request for access to an object; 

consulting a community information base (CIB) responsive to said
request, wherein said CIB includes:
a user community set (UCS) for each user of said MCN,
wherein for a given user and associated UCS, a
given community is a member of the UCS if the
given user is a member of the given community;
an application community set (ACS) for each application
on said MCN, wherein for a given application and
associated ACS, a given community is a member of
the ACS if the given application runs on behalf of a
user in the given community; and
an object community set (OCS) for each object residing
within said MCN, wherein each OCS is included in
an ACS of a process which created it;
permitting access to said object in response to detecting: 
said request is from a first user; and 
a UCS of the first user is a superset of an OCS of said 
object; 

denying access to said object in response to detecting: 
said request is from the first user; and 
a UCS of the first user is not a superset of an OCS of said 
object; 

permitting access to said object in response to detecting: 
said request is from a process; and 
an ACS of said process is a superset of an OCS of said 
object; and

denying access to said object in response to detecting:
said request is from said process; and 
an ACS of said process is not a superset of an OCS of said 
object; 

wherein a given OCS comprises a first set of communities, a given 
UCS is a superset of the given OCS if at least all of the first 
set of communities are also included in the given UCS, and 
a given ACS is a superset of the given OCS if at least all of 
the first set of communities are also included in the given 
ACS." 



In paragraph 6 of the present Office Action, it is suggested that Miller-Belani
discloses all of the features of claim 1. In particular, it is stated that Miller discloses a:

"CIB (col. 2, lines 42-47) includes: a user community set (UCS) for 
each user of said MCN (col. 2, lines 47-52), an application community 
set (ACS) for application on said MCN, and an object set (OCS) for 
each object residing within said MCN (Miller, col. 2, lines 52-62)." 

However, Applicant submits these features are not disclosed by the cited art. For
example, with respect to claim 1, the cited art does not disclose at least the features:

"consulting a community information base (CIB) responsive to
said request, wherein said CIB includes:

a user community set (UCS) for each user of said MCN, 
wherein for a given user and associated UCS, a 
given community is a member of the UCS if the 
given user is a member of the given community; 

an application community set (ACS) for each application 
on said MCN, wherein for a given application and 
associated ACS, a given community is a member of 
the ACS if the given application runs on behalf of a 
user in the given community; and 

an object community set (OCS) for each object residing
within said MCN, wherein each OCS is included in
an ACS of a process which created it".

As seen from the above, claim 1 recites multiple community sets associated with 
different types of entities - a UCS for each user, an ACS for each application, and an 
OCS for each object. In contrast, Miller discloses storing information about subjects,
objects, verbs, rules, and definitions. For example, Miller discloses:

"In the embodiment shown in FIG. 2, the subject memory 204 stores user
information in a logical matrix having a specific user on each row, with 
user attributes, i.e. data pertaining to the specific user, in each field 
(column). The object memory 206 stores object names and object 
attributes and optionally object rules for defined verbs. The verb 
memory 208 stores verb names with a default rule for each verb name. 
The rule memory 210 stores rule names with their associated boolean 
expressions. The definition memory 212 stores field definitions, external 
function declarations, and strings. The evaluator 202, coupled to the 
subject memory 204, object memory 206, verb memory 208, the rule 
memory 210 and the definition memory 212, allows or disallows access of 
the user 102 to the entity 106 according to the specified verb, specified 
default rule, and user and object attributes." (Miller, col. 4, lines 14-30, 
emphasis added). 

"The user window, shown in FIG. 3, is used to display and update user 
names and user attributes. Columns in this window can be used to specify 
the user's group(s), the role(s) or general attributes. The information 
displayed by the user window of FIG. 3 corresponds to the data stored in 
subject memory 204." (Miller, col. 7, lines 63-68) 

"Objects that are today felt to be necessary to protect are records, blocks, 
pages, segments, files, directories, directory trees, programs, and 
processes, as well as fields, processors, video displays, clocks, printers, 
communications, devices, etc. " (Miller, col. 1, lines 30-34) 

As may be seen from the above, Miller discloses storing user attributes in the
subject memory including the user's groups. Miller also discloses storing object 
attributes in the object memory, and that an object may be a process or a program. 
However, Miller defines the contents of the object memory to be "object names and 
object attributes and optionally object rules for defined verbs." Even were one to equate 
a community set with a group, it is noted that Miller does not disclose storing groups as 
attributes of objects, processes, or programs in the object memory. It is further suggested 
in paragraph 16 of the present Office Action that Miller discloses 



"an application community set (ACS) for each application on said MCN. . . 
; and an object community set (OCS) for each object (Please read col. 1, 
lines 30-35 and compare it with the definition of an object in the 
specification) residing within said MCN (col. 2, lines 52-62); a processing 
unit configured to receive a request for access to an object; consult said 
CIB responsive to said request; permit access to said object in response to
detecting said request is from a user; and a UCS of said user is a superset
of an object community set (OCS) of said object (col. 4, line 56-67 & col. 
5, lines 1-20) {Miller discloses that security policies are concerned not 
only with which subject may obtain access to which objects, but also with 
the granting, revoking and denying of authorization to and from users and 
groups. Given the set of authorizations for users and groups, some rules 
must be applied for deriving authorization for subjects. In general case, 
user may belong to more than one group. In assigning privileges to 
subjects acting on behalf of a user, one can choose to: 1. Have the subject 
operate with the union of privileges of all groups (Superset) to which the 
user belongs, as well as all his or her individual privileges, 2, Have the 
subject operate with the privilege of only one group at a time; 3. Allow the 
subject to choose to operate with its user's privileges or with the privileges 
of one of the groups to which its user belongs; and implement some other 
policy}; permit access to said object in response to detecting: said request 
is from a process; and an ACS said process is a superset of said OCS (col. 
5, lines 30-35 & 39062) {Miller also discloses that user's access rights are 
also application dependent and the owner or multiple owner may have 
rights to delete and modify an object I.E. in order to perform such actions 
the user has to access the object by a certain process that originally create 
that object}." 



However, claim 1 as amended now recites a method including, in relevant part:



". . . consulting a community information base (CIB) responsive to 
said request, wherein said CIB includes: 

an application community set (ACS) for each application 
on said MCN, wherein for a given application and 
associated ACS, a given community is a member of 
the ACS if the given application runs on behalf of a 
user in the given community; and 

an object community set (OCS) for each object residing 
within said MCN, wherein each OCS is included in 
an ACS of a process which created it . . ." 

While Miller discloses an object at col. 1, lines 30-35, Applicant submits that
there is no teaching or suggestion in this portion or any other portion of Miller of an 
object community set, as recited. Accordingly, Applicant finds no teaching or suggestion 
in Miller of a "CIB ... [that] includes ... an application community set (ACS) for each 
application on said MCN, wherein for a given application and associated ACS, a given 
community is a member of the ACS if the given application runs on behalf of a user in
the given community; and an object community set (OCS) for each object residing within
said MCN, wherein each OCS is included in an ACS of a process which created it" as is
recited in claim 1.

As noted above, it is also suggested in paragraph 16 of the present Office Action 
that "In assigning privileges to subjects acting on behalf of a user, one can choose to: 1. 
Have the subject operate with the union of privileges of all groups (Superset) to which 
the user belongs." However, the union of privileges is not the same as "permitting 
access to said object in response to detecting: said request is from a user; and a UCS of 
said user is a superset of an OCS of said object." The recited condition for granting 
access is not a union of the UCS and the OCS, nor are privileges the criteria that are 
recited. Rather, the recited criteria have to do with which communities are in the UCS 
compared to the communities that are in the OCS. Accordingly, Applicant finds no 
teaching or suggestion in Miller of "permitting access to said object in response to 
detecting: said request is from a first user; and a UCS of the first user is a superset of an 
OCS of said object; denying access to said object in response to detecting: said request is 
from the first user; and a UCS of the first user is not a superset of an OCS of said object" 
as is recited in claim 1. For at least these reasons, Applicant submits claim 1 is
patentably distinct from the cited art.

In addition to the above, Applicant submits that claim 1 recites additional features
not disclosed by the cited art. For example, with respect to claim 1, the cited art does not 
disclose the features: 

"permitting access to said object in response to detecting: 
said request is from a first user; and 
a UCS of the first user is a superset of an OCS of said 
object; 

denying access to said object in response to detecting: 
said request is from the first user; and 
a UCS of the first user is not a superset of an OCS of said 
object; 

permitting access to said object in response to detecting: 
said request is from a process; and
an ACS of said process is a superset of an OCS of said
object; and

denying access to said object in response to detecting:
said request is from said process; and
an ACS of said process is not a superset of an OCS of said object"

Claim 1 recites two distinct access control mechanisms, one responding to a 
request from a user and one responding to a request from a process. In contrast, Miller
discloses access control for users, but not for processes. Miller discloses:

"the subject memory 204 stores user information in a logical matrix 
having a specific user on each row, with user attributes, i.e. data pertaining 
to the specific user, in each field (column)." (Miller, col. 4, lines 14-18). 

It is noted that the subject memory stores user information, not object, process, or 
application information. 

"Discretionary access control mechanisms are in the most reduced sense 
binary decisions: a subject is either allowed or not allowed to perform 
some action on some object. This concept can be stated as follows: the 
sentence "Subject may Verb Object" is either true or false. A general 
discretionary access control mechanism, therefore, should have subjects, 
verbs, and objects as inputs to a boolean expression evaluator, as disclosed 
herein." (Miller, col. 7, lines 28-36 emphasis added). 



While Miller discloses access control to objects from users, Miller does not
separately disclose access control to objects from processes. In contrast, claim 1 refers 
to "permitting access to said object in response to ... a request is from a process." It is 
noted that a "process" is different from a "user" as each is recited independently in claim 
1. Accordingly, Applicant finds no teaching or suggestion in Miller of "permitting 
access to said object in response to detecting said request is from a process and an ACS 
of said process is a superset of an OCS of said object" as is recited in claim 1. Applicant 
submits claim 1 is patentably distinct from the cited art for at least these additional 
reasons. 



As each of independent claims 10, 18, and 26 includes similar features, each of
these claims is patentably distinct for reasons similar to that of claim 1. Likewise, as
each of dependent claims 2-6, 9, 11-15, 17, 19-23, 25, 27-31, and 34 includes at least the 
features of the above independent claims upon which it depends, each of dependent 
claims 2-6, 9, 11-15, 17, 19-23, 25, 27-31, and 34 is believed patentable as well. 

In view of the prosecution in this case, the below signed representative requests a 
telephone interview if the examiner believes any issues remain.

CONCLUSION

Applicant submits the application is in condition for allowance, and an early 
notice to that effect is requested. 

If any extensions of time (under 37 C.F.R. § 1.136) are necessary to prevent the 
above referenced application(s) from becoming abandoned, Applicant(s) hereby petition 
for such extensions. If any fees are due, the Commissioner is authorized to charge said 
fees to Meyertons, Hood, Kivlin, Kowert, & Goetzel, P.C. Deposit Account No. 
501505/5181-75800/RDR. 



Respectfully submitted,



/ Rory D. Rankin / 

Rory D. Rankin 
Reg. No. 47,884 

ATTORNEY FOR APPLICANT(S) 



Meyertons, Hood, Kivlin, 

Kowert, & Goetzel, P.C. 
P.O. Box 398 
Austin, TX 78767-0398 
Phone: (512) 853-8800 

Date: August 15, 2007